Slashdot Mirror


Local Root Vulnerability in passwd(1) on Solaris 8, 9

so-1997-and-1994 writes "There is a new vulnerability in the passwd command on Solaris 8 and 9. Looks like a local user privilege escalation is possible. Patch your systems. This is not the first nor the last time something like this has shown up."

3 of 283 comments

  1. Sigh... by Tet · Score: 0, Redundant

    I see lots of patching in my immediate future...

    --
    "The invisible and the non-existent look very much alike." -- Delos B. McKown
  2. Re:Risk assessment by achurch · Score: 1, Redundant

    if you would consider a remote exploit to be HIGH, that leaves a local exploit at medium, no?

    I dunno, personally I'd consider both of them high--many local exploits can be exploited remotely as well via buffer overflows and the like. I'd put non-root privilege elevation at medium, and things like denial of service that don't actually damage the system at low to medium, but it all depends on the particular circumstances.

  3. Re:Bzzzt! Wrong! by Politburo · Score: 1, Redundant

    The wording is slightly incorrect, but his point is correct. After an exploit is released, the only way to be certain that you aren't currently cracked is to reinstall. It guarantees that if you were the victim of an exploit, you aren't anymore.